<?xml version="1.0" encoding="UTF-8"?>
<sc:item xmlns:sc="http://www.utc.fr/ics/scenari/v3/core">
	<dk:section xmlns:dk="kelis.fr:dokiel" xmlns:sc="http://www.utc.fr/ics/scenari/v3/core" xmlns:sp="http://www.utc.fr/ics/scenari/v3/primitive">
		<dk:title>
			<sc:fullTitle>Windows Users</sc:fullTitle>
		</dk:title>
		<sp:content>
			<dk:content>
				<sp:infobloc>
					<dk:flowAll>
						<sp:txt>
							<dk:text>
								<sc:para sc:id="t31">Cybera Server needs to access the Workstation computer's registries in order to lockdown user rights. In order for this to work correctly care must be taken to set up specific Windows users that will be used for running Cybera server and Cybera Workstation.</sc:para>
							</dk:text>
						</sp:txt>
					</dk:flowAll>
				</sp:infobloc>
				<sp:note>
					<dk:flowAll>
						<sp:txt>
							<dk:text>
								<sc:para sc:id="t45">In the folowing procedure logins names are an example.</sc:para>
							</dk:text>
						</sp:txt>
					</dk:flowAll>
				</sp:note>
				<sp:op>
					<dk:stepList>
						<dk:sTitle>
							<sc:fullTitle>Workstation Windows users</sc:fullTitle>
						</dk:sTitle>
						<sp:step>
							<dk:sTitle>
								<sc:fullTitle>Create an account called 'user'</sc:fullTitle>
							</dk:sTitle>
							<dk:flowAll>
								<sp:txt>
									<dk:text>
										<sc:para sc:id="t32">This user should be a normal, basic Windows user with basic user rights.</sc:para>
										<sc:para sc:id="t34">This will be the main user under which Cybera Workstation will be run on a daily basis.</sc:para>
									</dk:text>
								</sp:txt>
							</dk:flowAll>
						</sp:step>
						<sp:step>
							<dk:sTitle>
								<sc:fullTitle>Create an account called 'manager'</sc:fullTitle>
							</dk:sTitle>
							<dk:flowAll>
								<sp:txt>
									<dk:text>
										<sc:para sc:id="t35">
											<sc:inlineStyle role="emphasis">This user must have administrative rights on the workstation</sc:inlineStyle>, he must be part of the Administrators user group.</sc:para>
										<sc:para sc:id="t36">This user must not be used to run the Cyber cafe and in normal operation should never be used directly. This user will be used by Cybera Server during user rights lockdown and can also be used by the Cyber café administrator in order to perform administrative tasks.</sc:para>
									</dk:text>
								</sp:txt>
							</dk:flowAll>
						</sp:step>
					</dk:stepList>
				</sp:op>
				<sp:op>
					<dk:stepList>
						<dk:sTitle>
							<sc:fullTitle>Server Windows users</sc:fullTitle>
						</dk:sTitle>
						<sp:step>
							<dk:sTitle>
								<sc:fullTitle>Create an account called 'user'</sc:fullTitle>
							</dk:sTitle>
							<dk:flowAll>
								<sp:txt>
									<dk:text>
										<sc:para sc:id="t32">This user should be a normal, basic Windows user with basic user rights.</sc:para>
										<sc:para sc:id="t34">This user is not mandatory on the server but needs to be present if you will want to access the Server from the workstations (for shared folders etc).</sc:para>
									</dk:text>
								</sp:txt>
							</dk:flowAll>
						</sp:step>
						<sp:step>
							<dk:sTitle>
								<sc:fullTitle>Create an account called 'manager'</sc:fullTitle>
							</dk:sTitle>
							<dk:flowAll>
								<sp:txt>
									<dk:text>
										<sc:para sc:id="t35">Contrary to the workstations, this user can be a simple user on the server.</sc:para>
										<sc:para sc:id="t37">This is the user under which Cybera Server will be run on a daily basis.</sc:para>
									</dk:text>
								</sp:txt>
							</dk:flowAll>
						</sp:step>
					</dk:stepList>
				</sp:op>
				<sp:warning>
					<dk:flowAll>
						<sp:txt>
							<dk:text>
								<sc:para sc:id="t38">The accounts on the server and the workstations <sc:inlineStyle role="emphasis">must have the same passwords</sc:inlineStyle> ! </sc:para>
								<sc:para sc:id="t40">ex: the 'user' account has no password and the 'manager' account has 'cybera' as a password on both the server AND the workstations. </sc:para>
							</dk:text>
						</sp:txt>
					</dk:flowAll>
				</sp:warning>
				<sp:part>
					<dk:sTitle>
						<sc:fullTitle>Notes</sc:fullTitle>
					</dk:sTitle>
					<dk:content>
						<sp:infobloc>
							<dk:flowAll>
								<sp:txt>
									<dk:text>
										<sc:para sc:id="t41">The system works because the windows user on the server PC has admin rights on the workstation PCs and therefore the server can access the workstation's registry remotely. When you get an error message on the server about not being able to lockdown the workstations this means that this condition is not fulfilled. </sc:para>
									</dk:text>
								</sp:txt>
							</dk:flowAll>
						</sp:infobloc>
						<sp:note>
							<dk:flowAll>
								<sp:txt>
									<dk:text>
										<sc:simpleList sc:id="t54">
											<sc:member sc:id="t55">The 'user' account on the server is only useful if you want to enable file sharing from the server (for in-house IT training courses or for use with session start &amp; Stop scripts). </sc:member>
											<sc:member sc:id="t56">The 'manager' account does not need to have admin privileges on the server, only on the workstations. This means that you can control how the managers use the server PC as well (if you are a windows admin). </sc:member>
											<sc:member sc:id="t57">In normal usage the 'manager' account on the clients is never used, it is only there to enable remote registry access from the server (and maybe for computer maintenance).</sc:member>
										</sc:simpleList>
									</dk:text>
								</sp:txt>
							</dk:flowAll>
						</sp:note>
					</dk:content>
				</sp:part>
			</dk:content>
		</sp:content>
	</dk:section>
</sc:item>